Fluid Attacks Database

Description

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	php53	<0:5.3.3-13.el5_8	0:5.3.3-13.el5_8
rpm rhel6	php	<0:5.3.3-14.el6_3	0:5.3.3-14.el6_3

Aliases

1. CVE-2012-23862. NVD-2012-23863. OSV-2012-2386

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.